Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[SPAM] Re: Ncat Wildcard Matching rules
From: Rob Nicholls <robert () robnicholls co uk>
Date: Thu, 18 Jun 2009 16:09:52 +0100

On Thu, 18 Jun 2009 08:55:11 -0600, David Fifield <david () bamsoftware com>
wrote:
On Thu, Jun 18, 2009 at 09:08:37AM +0100, Rob Nicholls wrote:
On Wed, 17 Jun 2009 12:03:03 -0600, David Fifield
<david () bamsoftware com>
wrote:
How common are these wildcard certificates in practice? Does anybody
run
an SSL site with one of them?

I don't use a wildcard certificate on my own website, but I've tested a
number of clients in the last few years that have used them on theirs.
So
they're not uncommon.

Are they the kind that would be handled by a single leftmost wildcard,
nothing fancier?

Yes, I don't think I've ever seen anything other than a single leftmost
wildcard.

I've also seen wildcard certificates that have a Subject Alternative Name
of the domain itself (as a certificate for *.domain.tld isn't valid for any
sites hosted at https://domain.tld), but that's about as exotic as I can
remember. I presume whatever code handles SANs would also cope with a
wildcard with SANs.

Rob




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]